Access-Privacy Balance Could Prove Elusive for Hospitals

Technology infrastructure can impact both the relative high cost and low quality of healthcare in the U.S., said Paul Tang, MD, vice president and CIO of Palo Alto (CA) Medical Foundation at a feisty "town hall" style discussion at the College of Healthcare Information Management Executives (CHIME) 2010 CIO forum held in Atlanta, GA, on Sunday.

"The government can't do it," said Tang, who is also the vice chair of the HIT Policy Committee and the chair of the Meaningful Use Work Group. "They don't have the expertise that's in this room and in the field."

Balancing privacy and access
There were audible grumbles from the experts in the room when talk turned to interoperability and privacy. It's a new era in terms of what systems can do, Tang said. And without access we put patients at risk. But will privacy concerns stand in the way of systems that can talk to each other across hospitals and other healthcare organizations?

Sharing patients' protected health information (PHI) is fine within one hospital or one healthcare system, said Deborah Peel, MD, founder and chair of the Austin-TX-based consumer advocacy organization Patient Privacy Rights. But, she said, most people do not want their information shared outside of their health provider's system. And there's some PHI they don't want to share at all, such as the medications they're taking, especially in fields such as mental health.

Her suggestion is to have an opt-in system that allows patients to choose how they control their information. For example, they might choose to allow the provider to share their information with other clinicians that the patient approves, but not for medical research. Or they might check off a box that says the provider must contact them before releasing any records.

That's when the grumbling reached its peak.

An audience member from a small rural hospital responded to Peel by saying his staff can't keep up with outgoing calls and can't afford to hire additional staff to call patients whenever they need to access their medical records. Even if they did have the money, the shortage of workers in his area would make it difficult to fill those jobs.

Panelist Elizabeth Johnson, RN, vice president of applied clinical informatics at Tenet Healthcare Corporation, said even a large organization like hers would find it challenging to notify patients before accessing their records. The key is to find the balance between privacy and the need to access information to provide care to patients, said Johnson, also a member of the HIT Standards Committee.

While patients and doctors often worry about medical records being hacked by cybercriminals and Internet snoops, the most common cause of health data breaches is physical theft of computing gear, according...